DotNetNuke DNN Sites getting spam registrations – How to stop them

In recent weeks, many of our DNN websites have systematically been targeted for Spam New User Registrations. There has been some discussion around the how and why, and as much as we can tell, the problem is this:

1. Some script kiddy has bothered to write a bot that finds DNN websites. It is not even a good bot, because it is not capable of validating registrations to automated active email addresses. (If you are the creator of the bot… “YOU ARE DOING IT WRONG” as it is not going to bring the Google results you are looking for.)

2. The bot will attempt access to: www.yoursite.com /?ctl=Register

3. This brings into play the default DNN registration process module.

4. This page is currently available if your site has either Public or Verified registrations enabled.

5. Tricks on derating the bot by raising the password complexity appeared to work a short time only.

6. Enabling the inbuilt Captcha is as good as useless, as almost any OCR application can break it.

7. A better simple solution is needed.

ReCaptcha is the FIX that is working well

Here at InteractiveWebs, we decided that we would enable Recapcha (a cleaver Google Initiative https://www.google.com/recaptcha/ ) that is harder to be machine broken, and test the results. We found that all the spam registrations stopped once Recaptcha was used.

To do this we created two Free DNN Modules to add Recaptcha to the URL that this bot is using to register on sites. The two modules are to support DNN 6.2 + and 7x +.

Once installed, you need to add the module to a page as you would any other. We recommend adding it to it’s own page in the DNN Admin menu, and keeping the page Admin Only.

Step 5 – Configure the iWebs Register Module.

The module you are looking for is called: iWeb’s – Register – You can select the Settings from the module drop down as you would any other DNN module.

Enter the Public Key and Private Keu information that you received from your Google Recaptcha registration of your domain. THEN SELECT UPDATE to save the information.

Step 6 – Install the Register Control

After saving your public and private keys by clicking “update” you are ready to:

Click on the “Install Register Control”

This will inject the recaptcha setting into your website. So when you hit any registration URL (www.yoursite.com /?ctl=Register) you now get the recaptcah box.

Update to V2 of Recaptcha

Google has released what they call V2 of Recaptcha. We have update the module to support this. The process of updating to V2 goes like this.

1. By default, previously created recaptcha keys are V1. Any updated installs of our module will need to be put into V1 mode (in the settings) to keep working with your V1 keys that you have previously configured into the module. So after updating our module to the latest release, go into the module settings and enable V1 mode for the module to keep working.

2. V2 recaptcha is better than V1. So we would suggest that all users of the module update to V2. To do this, you update our module to the latest release, then go into the Google Recaptcha management page, and delete your domains security keys, then generate new keys for V2. They have instructions on that process, all be is hard to understand.

Once you have new V2 recaptcha keys, you update these new keys back into our module and ensure that the V1 mode is NOT enabled. The V2 recaptcha will then run on your site.

To Remove and Uninstall

2. Uninstall the iwebs – Register module as you would any other DNN module.

Thoughts

This was a quick solution to some script kiddies attempt to attack DNN. I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why). There is little threat by the registrations that I can find. More annoying that anything else. While Recaptcah can be broken, it would take some smarts or costs to use online services for the bot, so I suspect they will not bother and recaptcha will reign for this problem. In any case, if they spend some time and effort making the bot work for recaptcah, it is easy enough for us to implement some of the loads of other solutions available to stop them.

Donations

We included a donation button. If you find the solution, blog, research we did, modules we created and responses we provide to be helpful. Please consider throwing us a few $

After Upgrading DNN 7 and browsing to the ADMIN>Site Settings you find an error: A critical error has occurred.Object reference not set to an instance of an object.

The Fix

And save that to the /BIN folder in your DNN website, this will fix the issue and leave any third party modules that reference it working.

Accessing your Google Analytic Data via API

To allow a third party module or application to view and display your Google Analytics data for your website. You need to get a few things organised.

1. You need to have a Google Analytic account with your website registered.

Go to: http://www.google.com/analytics/ and follow their instructions to set up your URL under an account that you can manage and access with Admin permissions. We are not going to go through these steps here as it is a given that you will have this. Seek help from Google if you can’t manage.

2. Set up an API for your Google Analytics Account at the Google Developers Portal.

In the sidebar on the left, expand APIs & auth. Next, click APIs. Select the Enabled APIs link in the API section to see a list of all your enabled APIs. Make sure that the Google Analytics API is on the list of enabled APIs. If you have not enabled it, select the API from the list of APIs, then select the Enable API button for the API.

In the sidebar on the left, select Credentials.

In either case, you end up on the Credentials page and can create your project’s credentials from here.

Create a client ID

From the Credentials page, click Create new Client ID under the OAuth heading to create your OAuth 2.0 credentials.

For the APPLICATION TYPE select Service account.

Click Create Client ID.

For the KEY TYPE select P12 key. (The system will download a .P12 file. You will need this file to upload to the module)

A dialog box appears. To proceed, click Okay, got it.

3. Add service account to Google Analytics account

The newly created service account will have an email address, <projectId>-<uniqueId>@developer.gserviceaccount.com; Use this email address to add a user to the Google analytics account you want to access via the API. For this tutorial only Read & Analyzepermissions are needed.

In Summary

You have Authorised the associated weird google email address from the P12 account to have read permissions on your Analytics Account.

If you get all that right, then the module we use, will work to access your Google Analytics data from within your module.

Error when opening the DNN Active Forum Module Control Panel

When you attempt to open the forum module Control Panel, you receive a.net load error that says a critical error has occurred. Upon looking at the log files for the website within DNN, you’ll notice that the related error message looks something like this.

bsoluteURL:/Default.aspxDefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNukeExceptionGUID:1012073d-d31d-4a73-a051-31478c9de05dAssemblyVersion:7.4.0PortalId:0UserId:3429TabId:107RawUrl:/Resources/Forum/ctl/EDIT/mid/506Referrer:http://website.com.au/Resources/ForumUserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3ExceptionHash:eUa1nHF8hNveOCQzqX0zOg==Message:Object reference not set to an instance of an object.StackTrace:InnerMessage:Object reference not set to an instance of an object.InnerStackTrace: at DotNetNuke.Modules.ActiveForums.Controls.Callback.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Source:FileName:FileLineNumber:0FileColumnNumber:0Method:Server Name: SERVERNAME

The Fix

It is good practice to ensure that you have the latest version of the DotNetNuke forum module on your website. Especially if you are using the later versions of DNN. Currently the module project has been moved into an open source project on GitHub. The latest version can be found here: https://github.com/ActiveForums/ActiveForums

fixing the error

you need to ensure that the web.config file also includes the following reference.

Error when opening the DNN Active Forum Module Control Panel

When you attempt to open the forum module Control Panel, you receive a.net load error that says a critical error has occurred. Upon looking at the log files for the website within DNN, you’ll notice that the related error message looks something like this.

bsoluteURL:/Default.aspxDefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNukeExceptionGUID:1012073d-d31d-4a73-a051-31478c9de05dAssemblyVersion:7.4.0PortalId:0UserId:3429TabId:107RawUrl:/Resources/Forum/ctl/EDIT/mid/506Referrer:http://website.com.au/Resources/ForumUserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3ExceptionHash:eUa1nHF8hNveOCQzqX0zOg==Message:Object reference not set to an instance of an object.StackTrace:InnerMessage:Object reference not set to an instance of an object.InnerStackTrace: at DotNetNuke.Modules.ActiveForums.Controls.Callback.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Source:FileName:FileLineNumber:0FileColumnNumber:0Method:Server Name: SERVERNAME

The Fix

It is good practice to ensure that you have the latest version of the DotNetNuke forum module on your website. Especially if you are using the later versions of DNN. Currently the module project has been moved into an open source project on GitHub. The latest version can be found here: https://github.com/ActiveForums/ActiveForums

fixing the error

you need to ensure that the web.config file also includes the following reference.

To allow a third party module or application to view and display your Google Analytics data for your website. You need to get a few things organised.

1. You need to have a Google Analytic account with your website registered.

Go to: http://www.google.com/analytics/ and follow their instructions to set up your URL under an account that you can manage and access with Admin permissions. We are not going to go through these steps here as it is a given that you will have this. Seek help from Google if you can’t manage.

2. Set up an API for your Google Analytics Account at the Google Developers Portal.

In the sidebar on the left, expand APIs & auth. Next, click APIs. Select the Enabled APIs link in the API section to see a list of all your enabled APIs. Make sure that the Google Analytics API is on the list of enabled APIs. If you have not enabled it, select the API from the list of APIs, then select the Enable API button for the API.

In the sidebar on the left, select Credentials.

In either case, you end up on the Credentials page and can create your project’s credentials from here.

Create a client ID

From the Credentials page, click Create new Client ID under the OAuth heading to create your OAuth 2.0 credentials.

For the APPLICATION TYPE select Service account.

Click Create Client ID.

For the KEY TYPE select P12 key. (The system will download a .P12 file. You will need this file to upload to the module)

A dialog box appears. To proceed, click Okay, got it.

3. Add service account to Google Analytics account

The newly created service account will have an email address, <projectId>-<uniqueId>@developer.gserviceaccount.com; Use this email address to add a user to the Google analytics account you want to access via the API. For this tutorial only Read & Analyzepermissions are needed.

In Summary

You have Authorised the associated weird google email address from the P12 account to have read permissions on your Analytics Account.

If you get all that right, then the module we use, will work to access your Google Analytics data from within your module.

Installing the Zendesk to CRM 2015 integration

These instruction have been updated from the Zendesk instructions provided here: https://support.zendesk.com/hc/en-us/articles/203660156-Zendesk-for-Microsoft-Dynamics-CRM-Part-1-Installing-the-Zendesk-for-Microsoft-Dynamics-CRM-as-a-module-in-Microsoft-Dynamics-CRM

They use a combination of the original processes that Zendesk have created originally for CRM 2011 and that worked on Pre SP1 versions of CRM 2013. The packages referenced have been update by InteractiveWebs to work with CRM 2013 Post SP1 and CRM 2015 (technically all versions but we recommend post SP 0.1)

Update Security Roles

Select the User that you wish to use to bring in Zendesk Integration Items. We are using in this example the Administrator account, but it could be anyones account.

Then with the account loaded, select the additional item dropdown menu to the far right of the top level menu, selecting Manage Roles

Select Zendesk Administrator

There is also a Zendesk Read configuration setting. The Zendesk support site has details on how this can be used.

Double Click on that name to load the account.

Configure Entity Mapping

In your browser, click on Refresh to reload the CRM page, and in turn the top level menu that has been updated after import for the Zendesk Solution.

In the CRM system, select Settings / Zen Entity Mappings

Click + New

The most typical setups are things like on a “Contact” entity, match the Zendesk ticket requester with the email address on the “Contact” record. But what if you wanted to match of the “Full Name” field instead in both systems? Now you can by utilizing entity mappings.

Select the following items

Entity Name – This is the Microsoft Dynamics entity that you want the mapping applied to.

Zendesk Object – This is where you can select which object from Zendesk you’d like to pick your field from.

Zendesk Field – This will populate with values depending on your selection from Zendesk Object.

Entity Field – This is a list of fields associated to the selected Entity Name. Pick which field you want to match to the Zendesk Field.Click “Save” to store the mapping.

Click the ZD Entity Mapping tile to return to the page.

Repeat steps 1-5 if you wish to add more mappings for additional Entities..

Here’s a list of the most common types of mappings:

Account/Organization Entity

Entity Name: “Account” or “Organization”

Zendesk Object: Organization

Zendesk Field: Name

Entity Field: Account Name

Contact/Lead Entity

Entity Name: “Contact” or “Lead”

Zendesk Object: User

Zendesk Field: EmailAddress

Entity Field: EmailAddress 1

Configure Zendesk Settings Page

In CRM Navigate to Settings / ZD Settings (Note that this one is not the ZD Personal Settings Menu Item).

NOTE – This works best in Chrome – We found troubles with IE and Safari (not our work)!

You now need to set up your Zendesk credentials so that the system can authenticate to the appropriate Zendesk instance.

To do so, navigate to Settings, then locate the Zendesk Settings->Settings title and click the title.

You will be presented with 4 sections:

Ticket view defaults – global default settings for ticket views in the Zendesk ticket panel. This sets the defaults at the account level, but can be overwritten by individual preferences by each user.

Filtering – sets the default values for filters in the Zendesk ticket panel.

Sorting – sets the default sort order for tickets in the Zendesk ticket panel.

Authentication – enter your Zendesk subdomain (make sure you specify HTTP vs. HTTPS if you have SSL enabled) and login credentials (you need administrator credentials). This gives your Microsoft Dynamics CRM users read-only access to available tickets. To create or edit tickets from Microsoft Dynamics CRM, your Dynamics users must have a Zendesk license, and they will need to enter their own credentials (explained later in this article).

Mapped record types – enables you to modify the data elements that display in a Zendesk user profile when a ticket is loaded. You can choose from Lead, Contact, and Account. All fields are available, including custom fields.

Ticket-to-case mapping – identifies data items that should be mapped from standard Zendesk ticket fields into Microsoft Dynamics CRM cases. The three Zendesk fields that are supported are Status, Priority, and Type.

Add Zendesk Ticket Grid

Now you are ready to add the Zendesk ticketing panel to any of the entity pages that you’ve configured mappings for. You need to repeat the steps below for each entity type you want the ticketing grid displayed on.

In Microsoft Dynamics, navigate to the first entity where you want to add the ticketing grid. For this example, we’ll refer to a Contact record.

Select any contact in your list and navigate to the Form Editor.

In Dynamics 2015, highlight the More (…) tab(1) and select the option for Form(2) to start the form editor.

In Dynamics 2011, navigate to the Customize (1) tab and click on Form (2)

In the Form Editor, click the Insert tab (1), then click the Web Resource button (2).

In the Add Web Resource page, click the magnifying glass next to Web resource to find the Zendesk ticket grid (zd_/Pages/TicketGrid/TicketGrid.html).

In the next page, select the check box next to zd_/Pages/TicketGrid/TicketGrid.html, then click OK.

Back in the Add Web Resource dialog box you should see zd_/Pages/TicketGrid/TicketGrid.html in the Web resource field. Enter a Name and Label you can easily recognize (consider naming it Zendesk Ticket Panel). Check the box for Pass record object-type code and unique identifier as parameters. Click OK.

ou now have a Zendesk ticket panel in the form layout that you can drag anywhere you’d like on the page. You can even create a special subsection for it if you’d like.

After you place the panel, navigate to the Home tab, click Save, then click Publish.

Refresh the contact page you had open and you should see the new Zendesk ticket panel where you placed it!

Repeat these steps for any other entities you have created mappings for.

Configuring InteractiiveWebs Zendesk to CRM 2015 Web Service

Next you need to enable your CRM instance to use the InteractiveWebs Web Service that will connect Zendesk to your CRM instance either in the cloud, IFD or on premises.

If you have an IFD instance or a Microsoft Hosted Cloud

If you have never registered with InteractieWebs then click on “Subscribe Now”

Fill in the form with the following details.

Username: Select a user name to use with our website.

Password: Select a password to use on our website

Email: Be sure to use a valid email address. We will not share or spam you, but for services we need this to be accurate.

First Name: Your First Name

Last Name: Your Last Name

CRM Address: This is the address of your CRM server in the following format: e.g.. https://contoso.hostedcrm.com:444/ You type “contoso.hostedcrm.com” (without the “ “ ).

CRM Organization: You administrator can help with this, but in the example above it is “contoso” and is usually the word before the domain of your hosting environment.

You can contact us on the help link at the bottom of the page if you are not sure what you should type here.

If you have an on premises CRM solution

you will need a custom version of the web service to host on your own servers. Contact us at our website: http://www.interactivewebs.com/ContactUs/tabid/55/Default.aspx

and advise that you are after a custom web service for Zendesk to CRM 2015 integration. Advise us of:

1. The URL you use to access your CRM internally.

2. The Organisation name you use in CRM.

We can then provide you with a custom web service for $200 one off fee with no expiry date on the web service.

Setup Zendesk Integration

Lastly you will need to set up the Zendesk side of the integration.

To do this, you login to your Zendesk interface and Admin / Extensions

In Extensions you select CRM

Select Microsoft Dynamics CRM 2011

Select your hosting type

If you have IFD or Microsoft Cloud Hosted Solution, select Cloud or IFD respectively

For the Web Service (having subscribed to the service) put in: https://zendesk.interactivewebs.com (note that this will only work if you have subscribed)

If you have an on-premise then select that and put in the URL of your web service that was supplied to you after contact InteractiveWebs for a custom solution.

All the other data for that page is per the instructions and help provided by Zendesk in their help pages.

Support

If you have problems or questions, please feel free to contact us at: http://www.interactivewebs.com – We have a range of other integration products, including website to CRM integrations for forms, billing, kb, support and more.

When using DNN Blog Module you receive 404 page cannot be found error

The symptoms of this are fairly easy. When you click on the Read more link or the title of a blog that would normally take you to the full article of the blog. The page instead displays a 404 error.

If you explore the URL you will find that the URL references the blog title something like this: http://canopi.com.au/Blog/Post/355/Single-Server-Sign-On-SSO-Part-1

take note that the URL does not end with the .aspx

The Cause

The URL of the blog post is being rewritten through the friendly URL settings within the later versions of DNN.